Category: programming

But now, “we also have Zig, a newer language that seeks to absorb what’s best about these languages and offer comparable performance with a better, more reliable developer experience.”

Zig is a very active project. It was started by Andrew Kelley in 2015 and now seems to be reaching critical mass. Zig’s ambition is rather momentous in software history: to become the heir to C’s longstanding reign as both the go-to portable low-level language and as a standard to which other languages are compared….

Currently, Zig is being used to implement the Bun.js JavaScript runtime as an alternative to Node.js. Bun’s creator Jarred Sumner told me “Zig is sort of similar to writing C, but with better memory safety features in debug mode and modern features like defer (sort of similar to Go’s) and arbitrary code can be executed at compile-time via comptime. It has very few keywords so it’s a lot easier to learn than C++ or Rust.”

Zig differs from most other languages in its small feature footprint, which is the outcome of an explicit design goal: Only one obvious way to do things. Zig’s developers take this goal so much to heart that for a time, Zig had no for loop, which was deemed an unnecessary syntactic elaboration upon the already adequate while loop. Kevin Lynagh, coming from a Rust background, wrote, “The language is so small and consistent that after a few hours of study I was able to load enough of it into my head to just do my work.” Nathan Craddock, a C developer, echoed the sentiment. Programmers seem to really like the focused quality of Zig’s syntax.
While Zig is “approaching” production-ready status, the article notes its high degree of interoperability with C and C++, its unique error-handling system, and its elimination of a malloc keyword (leaving memory allocation to the standard library).

“For now, the Zig team appears to be taking its time with the 1.0 release, which may drop in 2025 or later — but none of that stops us from building all sorts of things with the language today.”

Telemetry, as Cox describes it, involves software sending data from Go software to a server to provide information about which functions are being used and how the software is performing. He argues it is beneficial for open source projects to have that information to guide development. And the absence of telemetry data, he contends, makes it more difficult for project maintainers to understand what’s important, what’s working, and to prioritize changes, thereby making maintainer burnout more likely. But such is Google’s reputation these days that many considering the proposal have doubts, despite the fact that the data collection contemplated involves measuring the usage of language features and language performance. The proposal isn’t about the sort of sensitive personal data vacuumed up by Google’s ad-focused groups. “Now you guys want to introduce telemetry into your programming language?” IT consultant Jacob Weisz said. “This is how you drive off any person who even considered giving your project a chance despite the warning signs. Please don’t do this, and please issue a public apology for even proposing it. Please leave a blast radius around this idea wide enough that nobody even suggests trying to do this again.”

He added: “Trust in Google’s behavior is at an all time low, and moves like this are a choice to shove what’s left of it off the edge of a cliff.”

Meanwhile, former Google cryptographer and current open source maintainer Filippo Valsorda said in a post to Mastodon: “This is a large unconventional design, there are a lot of tradeoffs worth discussing and details to explore,” he wrote. “When Russ showed it to me I made at least a dozen suggestions and many got implemented.”

“Instead: all opt-out telemetry is unethical; Google is evil; this is not needed. No one even argued why publishing any of this data could be a problem.”

Codex was trained on billions of lines of public code to suggest additional lines of code and functions given the context of existing code. The system surfaces a programming approach or solution in response to a description of what a developer wants to accomplish (e.g. “Say hello world”), drawing on both its knowledge base and the current context. According to the researchers, the study participants who had access to Codex were more likely to write incorrect and “insecure” (in the cybersecurity sense) solutions to programming problems compared to a control group. Even more concerningly, they were more likely to say that their insecure answers were secure compared to the people in the control.

Megha Srivastava, a postgraduate student at Stanford and the second co-author on the study, stressed that the findings aren’t a complete condemnation of Codex and other code-generating systems. The study participants didn’t have security expertise that might’ve enabled them to better spot code vulnerabilities, for one. That aside, Srivastava believes that code-generating systems are reliably helpful for tasks that aren’t high risk, like exploratory research code, and could with fine-tuning improve in their coding suggestions. “Companies that develop their own [systems], perhaps further trained on their in-house source code, may be better off as the model may be encouraged to generate outputs more in-line with their coding and security practices,” Srivastava said. The co-authors suggest vendors use a mechanism to “refine” users’ prompts to be more secure — “akin to a supervisor looking over and revising rough drafts of code,” reports TechCrunch. “They also suggest that developers of cryptography libraries ensure their default settings are secure, as code-generating systems tend to stick to default values that aren’t always free of exploits.”

There are other initiatives underway, including the writing of an Apple graphics driver in the Rust language. For the initial merge into the mainline kernel, though, Linus Torvalds made it clear that as little functionality as possible should be included. So those drivers and their support code were trimmed out and must wait for a future kernel release. What is there is the support needed to build a module that can be loaded into the kernel, along with a small sample module…. Torvalds asked for something that could do “hello world” and that is what we got. It is something that can be played with, but it cannot be used for any sort of real kernel programming at this point.
That situation will, hopefully, change in the near future.

Meanwhile, Linux 6.1 also includes “support for destructive BPF programs, some significant io_uring performance improvements, better user-space control over transparent huge-page creation, improved memory-tiering support.”

The Register adds:
Other interesting additions include more support for the made-in-China LoongArch CPU architecture, introductory work to support Wi-Fi 7 and security fixes for some flaky Wi-Fi routines in previous versions of the kernel. There’s also plenty of effort to improve the performance of Linux on laptops, and enhanced power efficiency for AMD’s PC-centric RYZEN silicon.

According to Paul Jansen, CEO of Netherlands-based TIOBE Software, the rising popularity of C++ has pushed Java down a notch. The index’s rankings are now:
– Python in first place
– C second
– C++ third, and
– Java fourth.

C++ stepped up to third, and Java fell to fourth. “C++ surpassed Java for the first time in the history of the TIOBE Index, which means that Java is at position 4 now,” said Jansen in the December update for the TIOBE Index. “This is the first time that Java is not part of the top 3 since the beginning of the TIOBE Index in 2001.”

The surge in C++, perhaps in part helped by the stable release of C++ 20 in December 2020, is particularly ironic in light of the language’s recent dismissal by Microsoft CTO Mark Russinovich, which coincides with industry evangelism for Rust and its capacity for memory safety.
The article points out that other rankings still show a slighty higher popularity for Java.

And ZDNet notes the other languages rising quickly in popularity over the last 12 months:
In a year-on-year comparison in Tiobe’s index, the languages now in the top 20 that made significant gains over the period are: Rust (up from 27 to 20), Objective-C (up from 29 to 19), science-specialized MATLAB (20 to 14), and Google’s Go language (up from 19 to 12).

“The only rule is that you share at least one novel and also your source code at the end,” explains the event’s official page on GitHub.

From the repository’s README file:

The “novel” is defined however you want. It could be 50,000 repetitions of the word “meow” (and yes it’s been done!). It could literally grab a random novel from Project Gutenberg. It doesn’t matter, as long as it’s 50k+ words.

Please try to respect copyright. We’re not going to police it, as ultimately it’s on your head if you want to just copy/paste a Stephen King novel or whatever, but the most useful/interesting implementations are going to be ones that don’t engender lawsuits.

This year’s computer-generated novels include ” sunday in the sunday in the,” mapping the colors from each dot in the Pointillist painting Sunday Afternoon on the Island of La Grande Jatte onto words from the lyrics of a musical about that painting. (“Rush blind. Link adds shallot again….”)

And there’s still no actual Rust code in Linux:

“You need to get all those things that can make sure that Rust can compile, and you can do the debugging and all these things,” explained Joel Marcey, director of advocacy and operations for the Rust Foundation, “and make sure that the memory safety is there and all that sort of stuff. And that has to happen first before you can actually write any real code in Rust for the Linux kernel itself.”

Marcey explained that Linux is going to be doing this inclusion very piecemeal, with lots of little integrations here and there over time so they can see how it is working. “I would imagine that over the next year, you’re going to see more small incremental changes to the kernel with Rust, but as people are seeing that it’s actually kind of working out, you’ll be able to maybe, for example, write Linux drivers or whatever with Rust,” said Marcey….

According to Bec Rumbul, executive director of the Rust Foundation, Rust being added to the kernel is an “enormous vote of confidence in the Rust programming language.” She explained that in the past other languages have been planned to make it into the kernel and ended up not getting put in. “I think having someone with the kind of intellectual gravity of Linus Torvalds saying ‘No, it’s going in there,’ that kind of says an awful lot about how reliable Rust already is and how much potential there is for the future as well,” she said.

Rumbul believes that there will be an increased interest in the language, which is still relatively new (It first made its debut in 2010) compared to some of the other languages out there to choose from. “I suspect that because Rust is now in the kernel, and it’s just being talked about much … more widely, that it will seem like an attractive prospect to a lot of people that are looking to develop their skills and their knowledge,” she said. Rumbul hopes people will also be inspired to participate in the language as contributors and maintainers, because those are some of the less popular roles within open source, but are extremely critical to the health of a language, she explained.
The Rust Foundation also launched a new security team in September to ensure best practices (including a dedicated security engineer). Their first initiative will be a security audit and threat modeling exercises.

“We want to basically shore up,” Rust operations director Marcey tells SD Times, “to ensure that Rust itself is actually as secure as we always say it is.”

In this year’s Stack Overflow Developer Survey, 86.73% of developers said they love Rust.

ZDNet believe it shows developers “experimenting less and sticking with what they know and what works.”

JavaScript remains the largest programming language community, SlashData found. According to its research, there are an estimated 19.6 million developers worldwide using JavaScript every day in everything from web development and mobile apps to backend coding, cloud and game design. Java, meanwhile, is growing rapidly. In the last two years, the size of the Java community has more than doubled from 8.3 million to 16.5 million, SlashData found. For perspective, the global developer population grew about half as fast over the same period….

Python also continued to grow strongly, adding about eight million new developers over the last two years, according to SlashData. It accredited the rise of data science and machine learning as “a clear factor in Python’s growing popularity”. Approximately 63% of machine-learning developers and data scientists report using Python, whereas less than 15% use R, another programming language often associated with data science.

Both the Kotlin and Rust communities doubled in size in the past two years, the article points out. But according to the survey, only 9% of developers were involved in blockchain technologies.

Yet 27% of respondents reported they were learning about (if not currently working on) cryptocurrency-based projects. ZDNet summarizes the findings:

Of the three blockchain technologies covered in the report, non-fungible tokens (NFTs) were found to be of least interest to developers: 58% showed “no interest” in NFTs, which SlashData said was “likely due to its perception as a novelty”.

The report found that one-quarter (25%) of developers currently work on, or are learning about, blockchain applications other than cryptocurrencies.

Microsoft and Google have each stated that software memory safety issues are behind around 70 percent of their vulnerabilities. Poor memory management can lead to technical issues as well, such as incorrect program results, degradation of the program’s performance over time, and program crashes. NSA recommends that organizations use memory safe languages when possible and bolster protection through code-hardening defenses such as compiler options, tool options, and operating system configurations. The full report is available here (PDF).